Managing mobile devices and securing your endpoints is an important task, and there are many MDM solutions out there, including Microsoft’s own Intune. But what if you’re a small company? Well, if you’re using Office 365 then you can take advantage of the Mobile Device Management for Office 365 feature to provide basic MDM features, such as ensuring that connecting devices aren’t jailbroken and have a device password set, and allowing remote wipe.
In this post I’ll walk through the administrative steps required to get the tenant ready for MDM and how to apply it to users.
So, we browse to the Mobile Management section within the Office 365 portal and we are greeted with:
After clicking Let’s get started, and once the Microsoft automation tasks have completed and MDM is ready, we are greeted with:
The first thing is to complete the settings and remove the error.
To configure the tenant domain(s) you need to add two new CNAME records as per http://go.microsoft.com/fwlink/p/?linkId=525583
Now, if you’re not going to have Apple devices then you can, as it says, skip that configuration.
After clicking on Set up, we have to download the CSR from our account.
Next we have to browse to the Apple Portal.
Sign in with an Apple account (ensuring it’s an account that isn’t tied to a specific user, so that it can continue to be used, as the certificates will need renewing).
Click on Create a Certificate.
Use the Choose File button to browse and select the CSR file generated earlier.
Once processed, use the download button to download the PEM response file.
You can close out the Apple website and upload the PEM file.
Now we have a nice green tick to say we’re set up.
Now we need to create policies that can be applied to users. The first step is to ensure we have a group in Office 365 that we can apply the policy to.
After ensuring our groups are created, we can create our Device Management policies.
We give the policy a name.
Now you can choose the policy options.
Then some additional options.
Next, we have the option to just save the policy, but doing so will not apply it, or we can apply the policy straight away.
Now we can browse to the group(s) we created earlier and add them.
Once the group(s) are added we can continue.
We are given a summary of the policy.
Back in the portal we can see that the policy has been created and that it is being turned on.
After a little while we can see that its status has been set to on.
Now it is just a case of assigning users to the group and they will get the policy assigned. I hope to cover the client experience in another post.
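A quick way to confirm the two CNAME records from the domain configuration step before enrolling devices, as an added example that is not part of the original walkthrough. The record names and targets are assumptions based on the values Microsoft documents for this feature and should be confirmed against the linked article; `Test-MdmCname`, its `-Resolver` parameter and the `example.com` sample data are hypothetical names constructed for illustration.

```powershell
# Added example: verify the two MDM CNAME records for a domain.
# Assumption: these targets are the values Microsoft documents for this
# feature; confirm them against the linked article before relying on them.
$ExpectedCnames = [ordered]@{
    'enterpriseregistration' = 'enterpriseregistration.windows.net'
    'enterpriseenrollment'   = 'enterpriseenrollment.manage.microsoft.com'
}

function Test-MdmCname {
    param(
        [Parameter(Mandatory)][string]$Domain,
        # The lookup is injectable so the check can run against sample data offline.
        [scriptblock]$Resolver = {
            param($Name)
            Resolve-DnsName -Name $Name -Type CNAME -ErrorAction SilentlyContinue |
                Where-Object { $_.Type -eq 'CNAME' } |
                Select-Object -ExpandProperty NameHost
        }
    )
    foreach ($label in $ExpectedCnames.Keys) {
        $fqdn = "$label.$Domain"
        $want = $ExpectedCnames[$label]
        # Normalise: resolvers may return a trailing dot or mixed case.
        $actual = @(& $Resolver $fqdn | Where-Object { $_ } |
            ForEach-Object { $_.TrimEnd('.').ToLowerInvariant() })
        $status = if (-not $actual) { 'Missing' } elseif ($actual -contains $want) { 'OK' } else { 'WrongTarget' }
        [pscustomobject]@{
            Record   = $fqdn
            Expected = $want
            Actual   = ($actual -join ', ')
            Status   = $status
        }
    }
}

# Constructed sample data: one correct record and one pointing at the wrong target.
$sample = @{
    'enterpriseregistration.example.com' = 'EnterpriseRegistration.windows.net.'
    'enterpriseenrollment.example.com'   = 'mdm.example.net'
}
Test-MdmCname -Domain 'example.com' -Resolver { param($n) $sample[$n] } |
    Format-Table -AutoSize
```

Calling `Test-MdmCname -Domain` with your own domain and no `-Resolver` performs live lookups; a `WrongTarget` result is worth investigating, since that record decides which service devices contact for enrollment.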